Compiler correctness is an old problem, but with the emergence of smart contracts on blockchains that problem presents itself in a new light. Smart contracts are self-contained pieces of software that control (valuable) assets in an adversarial environment; once committed to the blockchain, these smart contracts cannot be modified. Smart contracts are typically developed in a high-level contract language and compiled to low-level virtual machine code before being committed to the blockchain. For a smart contract user to trust a given piece of low-level code on the blockchain, they must convince themselves that (a) they are in possession of the matching source code and (b) that the compiler has correctly translated the source code to the given low-level code.

Classic approaches to compiler correctness tackle the second point. We argue that translation certification also squarely addresses the first. We describe the proof architecture of a translation certification framework and demonstrate how we can model the compilation pipeline as a sequence of translation relations. We give a detailed account of such relations for most passes of the Plutus Tx compiler, which we formalised in Coq. This approach facilitates a modular verification methodology and is robust in the face of an evolving compiler implementation.

编译器的正确性是一个老问题，但随着区块链上智能合约的出现，这个问题以新的视角出现。智能合约是独立的软件，可以在对抗环境中控制（有价值的）资产；一旦提交到区块链，这些智能合约就无法修改。智能合约通常使用高级合约语言开发，并在提交到区块链之前编译为低级虚拟机代码。对于智能合约用户来说，要信任区块链上给定的一段低级代码，他们必须说服自己：(a) 他们拥有匹配的源代码，并且 (b) 编译器已将源代码正确翻译为给定的低级代码。

编译器正确性的经典方法解决了第二点。我们认为翻译认证也直接解决了第一个问题。我们描述了翻译认证框架的证明架构，并演示了如何将编译管道建模为一系列翻译关系。我们详细描述了 Plutus Tx 编译器的大多数遍的此类关系，并在 Coq 中对其进行了形式化。这种方法有利于模块化验证方法，并且在面对不断发展的编译器实现时具有鲁棒性。